# Compliance Attestation Form **Document Version:** 1.0.0 **Last Updated:** 2026-01-25 This document describes the compliance attestation process for Stella Ops Community Plugin Grant users. For a fillable template, see `templates/self-attestation-form.md`. --- ## 1. Purpose The compliance attestation process allows organizations to demonstrate compliance with the Stella Ops Community Plugin Grant without enabling telemetry or undergoing formal audit. It provides a trust-based mechanism for license compliance verification. --- ## 2. Who Should Attest Annual attestation is recommended for: - Organizations using Stella Ops in production - Deployments approaching free tier limits (2+ environments, 500+ scans/day) - Organizations with data governance policies prohibiting telemetry - MSPs managing customer deployments Attestation is **not required** for: - Non-production or evaluation use - Single-environment deployments well within limits - Organizations with active telemetry enabled --- ## 3. Attestation Components ### 3.1 Operator Information | Field | Description | Example | |-------|-------------|---------| | Organization Name | Legal entity name | Acme Corporation | | Contact Name | Primary compliance contact | Jane Smith | | Contact Email | Email for compliance communications | compliance@acme.com | | Installation ID | From admin dashboard (optional) | inst_abc123xyz | | Attestation Date | Date form completed | 2026-01-25 | ### 3.2 Usage Declaration Declare current usage levels: **Environment Count:** - [ ] 1 Environment - [ ] 2 Environments - [ ] 3 Environments (maximum free tier) - [ ] More than 3 Environments (requires commercial license) **Scan Volume (peak 24-hour period in past year):** - [ ] Under 100 scans/day - [ ] 100-499 scans/day - [ ] 500-999 scans/day (maximum free tier) - [ ] Over 999 scans/day (requires commercial license) ### 3.3 Distribution Declaration If redistributing Stella Ops or Plugins: - [ ] We do not redistribute Stella Ops or Plugins - [ ] We redistribute with LICENSE and NOTICE files preserved - [ ] We redistribute Plugins only (not core Stella Ops) - [ ] We include this Addendum verbatim in all distributions - [ ] We do not offer Stella Ops as a competing managed service ### 3.4 SaaS/MSP Declaration Select the applicable scenario: - [ ] **Internal Use Only:** Stella Ops is used only by our employees/contractors - [ ] **MSP Single-Tenant:** We host isolated instances for customers (license details below) - [ ] **Not Applicable:** We do not provide hosted services If MSP Single-Tenant, specify: - Number of customer instances: ___ - License type per instance: - [ ] Each customer has own license - [ ] Our commercial license covers all instances - [ ] Mix (specify below) --- ## 4. Certification Statement By submitting this attestation, the undersigned certifies that: 1. The information provided is accurate to the best of their knowledge 2. The organization's use of Stella Ops complies with BUSL-1.1 and the Community Plugin Grant 3. They have authority to make this attestation on behalf of the organization 4. They understand that false attestation may result in license termination --- ## 5. Submission Process ### Step 1: Download Template Copy the template from `docs/legal/templates/self-attestation-form.md` ### Step 2: Complete Form Fill in all required fields. Use "N/A" for non-applicable sections. ### Step 3: Internal Review Have appropriate internal stakeholders review: - Legal/Compliance team - IT/Platform team (for technical accuracy) - Management (for authorization) ### Step 4: Submit Send completed form to: compliance@stella-ops.org **Subject line:** `Compliance Attestation - [Organization Name] - [Year]` ### Step 5: Confirmation - Acknowledgment within 10 business days - Confirmation letter issued if attestation accepted - Follow-up questions if clarification needed --- ## 6. Renewal ### 6.1 Annual Renewal Attestation should be renewed annually: - **Preferred:** Within 30 days of attestation anniversary - **Grace period:** 60 days after anniversary - **Reminder:** stella-ops.org will send reminder 30 days before due date ### 6.2 Material Changes Submit updated attestation within 30 days if: - Environment count increases - Scan volume regularly exceeds 80% of limit - Organization structure changes (merger, acquisition) - Deployment model changes (internal to MSP) --- ## 7. Record Retention ### 7.1 Attestor Retention Organizations should retain: - Copy of submitted attestation - Supporting documentation (usage reports, dashboard screenshots) - Confirmation letter from stella-ops.org **Recommended retention period:** 5 years ### 7.2 stella-ops.org Retention stella-ops.org retains: - Submitted attestations: 5 years - Confirmation letters: Indefinitely - Supporting communications: 3 years --- ## 8. Frequently Asked Questions ### Q: Is attestation mandatory? **A:** No. Attestation is voluntary and recommended. It provides documented evidence of compliance in case of future questions. ### Q: What if our usage changes after attesting? **A:** Submit an updated attestation within 30 days of material changes. Good-faith updates are appreciated and do not trigger penalties. ### Q: Can we attest for multiple installations? **A:** Yes. Use one form per installation, or contact compliance@stella-ops.org for a consolidated form for large deployments. ### Q: What happens if we can't attest to compliance? **A:** Contact sales@stella-ops.org to discuss commercial licensing options. There's no penalty for recognizing a need to upgrade. ### Q: Is the attestation legally binding? **A:** The attestation is a representation of fact. Knowingly false attestation may result in license termination. However, good-faith errors with prompt correction are not penalized. --- ## 9. Contact **Attestation submissions:** compliance@stella-ops.org **Questions about the process:** legal@stella-ops.org **Commercial licensing:** sales@stella-ops.org --- ## See Also - `templates/self-attestation-form.md` - Fillable template - `ENFORCEMENT_TELEMETRY_POLICY.md` - Audit and telemetry details - `LICENSE-ADDENDUM-COMMUNITY-PLUGIN-GRANT.md` - Full legal terms --- *Document maintained by: Legal + Compliance Team* *Last review: 2026-01-25*